Privacy Policy

This Privacy Policy for Splital, operated by Maria Jose Rojas Medrano and Maurizio Faleo ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

• Download and use our mobile application (Splital), or any other application of ours that links to this Privacy Policy
• Engage with us in other related ways, including any marketing or events

Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

1. Encryption

All incoming and outgoing data — both in the communication with the Splital app and in third-party provider communication — are transmitted in encrypted form. The encrypted connection when using the Splital website can be seen via the address bar of the browser, which begins with "https://", and via the lock symbol found there. Because of encryption, the transmitted data cannot be read by third parties.

2. Data we collect

2.1. Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you use our Services.

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• names
• email addresses
• passwords
• usernames
• contact preferences
• contact or authentication data
• details of the expenses you add
• details of the groups you create
• files you upload

2.2. Payment data

If you make purchases through the Services, the payment processing data are collected directly by the app stores and managed by RevenueCat. We do not collect or store your payment card details, security codes, or billing information. The data protection policies of these services can be viewed here:

• Apple App Store: https://www.apple.com/privacy/
• Google Play Store: https://policies.google.com/privacy
• RevenueCat: https://www.revenuecat.com/privacy/

2.3. Automatically collected data

When you use the Services, we automatically collect certain technical and usage information. This data is needed to maintain the security and operation of our Services, for troubleshooting, and for our internal analytics and reporting purposes. This includes:

• Device information such as your device model, operating system, app version, browser type, and language
• Internet Protocol (IP) address
• Usage data such as timestamps, pages viewed, features used, and actions taken
• Crash reports and performance data
• Approximate location data based on your IP address

3. How we use your data

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• Account creation, authentication, and management
• Providing and delivering the Services you request
• Responding to your inquiries and providing support
• Sending administrative information such as changes to our terms or policies
• Enabling communications between users
• Requesting feedback about your use of the Services
• Sending marketing and promotional communications, in accordance with your preferences. You can opt out at any time.
• Protecting the security of our Services, including fraud monitoring and prevention
• Analyzing usage trends to improve our Services
• Measuring the effectiveness of our marketing campaigns
• Protecting an individual's vital interest, such as preventing harm

4. Legal bases for processing

The applicable data protection laws in your jurisdiction may require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

4.1. Consent

We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time by contacting us at [email protected].

4.2. Performance of a contract

We may process your personal information when it is necessary to fulfill our contractual obligations to you, including providing our Services.

4.3. Legitimate interests

We may process your information when it is reasonably necessary to achieve our legitimate business interests (such as improving our Services, supporting marketing activities, and preventing fraud), provided those interests do not outweigh your rights and freedoms.

4.4. Legal obligations

We may process your information when it is necessary to comply with applicable law, such as cooperating with a law enforcement body or regulatory agency.

4.5. Vital interests

We may process your information when it is necessary to protect the safety of any person.

5. Data sharing

5.1. Service providers

We may share your data with third-party service providers who perform services on our behalf. These third parties are contractually required to protect your personal information, use it only as we instruct, and not share it with anyone else.

• Digital Ocean. Infrastructure hosting on European Union servers.
• Hetzner. Infrastructure hosting on European Union servers.
• Cloudflare. CDN, security, performance optimization, and cloud storage on European Union servers.
• Apple App Store and Google Play Store. App distribution and payment processing.
• RevenueCat. Subscription management.
• Firebase Cloud Messaging. Push notifications.
• Google Analytics. Mobile app analytics and measurement of Google Ads campaigns.
• Google Ads. User acquisition.
• Simple Analytics. Cookieless website analytics.
• Zoho. Email communications.
• Sentry. Error and crash monitoring.

5.2. Business transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5.3. Other users

When you add expenses, payments, or other information to a group, that information is visible to all members of that group. You are responsible for which groups you join, which users you invite, and what information you share within them.

6. International data transfers

Our servers are located in the European Union. Your information may also be processed by third-party service providers located in the United States and other countries.

To protect your personal information during these transfers, we use the European Commission's Standard Contractual Clauses, which require all recipients to protect personal data originating from the EEA or UK in accordance with European data protection laws. Our Standard Contractual Clauses can be provided upon request.

7. Security

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet can be guaranteed to be 100% secure, so we cannot guarantee that unauthorized third parties will never be able to access your information. If you want to avoid any risk, you should not use our Services.

8. Children's privacy

Our Services are not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will take reasonable measures to promptly delete that data. If you believe we have collected information from a child under 16, please contact us at [email protected].

9. User rights

Depending on where you are located, applicable data protection laws may grant you certain rights:

• Right of access. You have the right to obtain information about the processing of your personal data and to access it.
• Right to rectification. You have the right to ask for the correction or completion of your personal data.
• Right to erasure. You have the right to request the deletion of your personal data.
• Right to restriction of processing. You have the right to request the restriction of the processing of your personal data.
• Right to data portability. You have the right to obtain a portable copy of your personal data.
• Right to object. Where we rely on our legitimate interest, you have the right to object to such processing.
• Right to withdraw your consent. You have the right to withdraw your consent at any time, although processing carried out before your withdrawal will remain valid.

You also have the right to lodge a complaint with your competent national data protection authority.

To exercise any of these rights, please send an email to [email protected]. We may need to verify your identity before processing your request.

9.1. Opting out of marketing and promotional communications

You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us at [email protected]. We may still send you service-related messages necessary for the administration of your account.

9.2. Account information

If you would like to review or change the information in your account or terminate your account, you can log in to your account settings or contact us at [email protected].

Upon your request to terminate your account, we will delete your account and information. Device and usage metrics will be anonymised. Expenses and groups shared with other users will be retained so that other members do not lose their records. We may retain some information to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

10. Changes to this policy

We may modify or update, in whole or in part, this Privacy Policy, and we will notify users of any changes in accordance with applicable privacy laws. If we make modifications, we will notify you by revising the date at the bottom of this policy and, under certain circumstances, we may also notify you by additional means such as a pop-up in the app.

11. Contact us

If you have any feedback, questions or comments about the Services, please contact us at [email protected].

Last updated: March 24, 2026